Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XI - Issue #67

August 25, 2009

The first story in Top of the News this week is one of the biggest untold stories in security; friends inside the financial institutions tell me the losses are already over $1 million a week and growing very fast. An interesting part of the story is that the banks are not covering the losses for commercial depositors. Companies are failing; jobs are being lost because of these attacks.

If you are planning to move to Windows 7 (like almost everyone else) give your system admins and security folks a head start by attending the new six-day Securing Windows course (SEC505). It has been fully updated for Windows 7 and Server 2008-R2. http://tinyurl.com/ltem5o

Webinar: SANS' Chris Brenton on a World Without Malware August 27th; 2:00pm EDT

Register for this FREE webinar to hear Chris Brenton address how to eliminate malware and close the security gap that threatens our nation's infrastructure. Topics include:
- What makes systems vulnerable
- Why we are losing the malware battle
- How to win the war

TOP OF THE NEWS

Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation's largest financial institutions.
-http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html?hpid=topnews

[Guest Editor's Note (Rob Lee): We are seeing a lot of these. There are three contributing reasons they are growing so fast: (1) Low threat of arrest in these "safe havens," (2) High payout for the crime, and (3) Victim sharing data on these attacks has been minimal. The attacks are amazingly simple and the amount of money taken is large. The firms do not know how to protect themselves. In some cases where credit card theft has occurred, they have had to shut down because they lost the ability to process credit cards. Small businesses are being affected greatly by poor security practices. It isn't a risk issue. It is a survival one. ]

Revealed Blogger Suing Google (August 24, 2009)

Rosemary Port, the blogger whose identity was revealed last week by a court order, says she will sue Google for failing to protect her privacy. Port is seeking US $15 million. Vogue model Liskula Cohen won an order seeking the identity of the blogger who made defamatory comments about her. According to Google, Blogger.com users must agree to a privacy policy that allows their identities to be revealed if demanded by legal action. Port thinks Cohen is responsible for the sudden high profile of the case; before Cohen won the order to uncover Port's identity, Port's blog had a very low volume of traffic.
-http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article6807682.ece
-http://news.cnet.com/8301-17852_3-10315998-71.html

THE REST OF THE WEEK'S NEWS

Eight people have been indicted in connection with a scheme in which US $22 million worth of devices and services were stolen from AT&T and T-Mobile over four years. Two of the eight worked as authorized cell phone dealers, allowing them access to databases from which they allegedly stole customer names and personally identifiable information that was used to order new wireless devices. They allegedly managed to divert the devices so they were delivered to themselves, then allegedly sold them.
Internet Storm Center: -http://isc.sans.org/diary.html?storyid=7003
-http://www.theregister.co.uk/2009/08/21/att_tmobile_id_theft_indictment/

Judge Dismisses All But One of the Charges Against San Francisco City Network Administrator (August 23, 2009)

A San Francisco Superior Court Judge has dismissed all but one of the charges against former city network administrator Terry Childs. Childs has been in custody since July 2008 for allegedly taking control of a city computer network and locking city workers out of accessing the system. Judge Kevin McCarthy dismissed three tampering charges against Childs, leaving him to face only denying city authorities access to the network.
-http://news.cnet.com/8301-1009_3-10315708-83.html?part=rss&subj=news&tag=2547-1009_3-0-20

[Editor's Note (Northcutt): This is a story we must not forget. The data custodian locked the data owner out of access to their own data. You have heard it from me a thousand times, but the two words that define this situation are "access control." ]

DHS Warns of Malicious Spoofed eMail (August 24, 2009)

The US Department of Homeland Security (DHS) has warned of malicious email messages that appear to be from the DHS Division of Intelligence. The emails actually come from addresses in Latvia and Russia and contain links to malware designed to steal passwords. The messages were sent to US Defense Department officials and state and local government officials starting in June.
-http://www.nextgov.com/nextgov/ng_20090824_7279.php?oref=topnews

Former National Institute of Standards and Technology (NIST) officials have written a letter expressing their concern with NIST's proposal to reorganize its IT Laboratory. Dr. Dennis Branstad, Dr. Stuart Katzke, F. Lynn McNulty and Miles E. Smid wrote that they "believe it is a mistake to diminish NIST's computer security program at a time when external support for the program is at an all-time high and when cybersecurity is of vital importance to the economic well-being and security of our nation." According to a NIST statement, "the proposed reorganization would not include any reduction in force, or major changes in the lab's core competencies."
-http://gcn.com/Articles/2009/08/24/Update-2-NIST-IT-Lab-reorganization.aspx?p=1

[Editor's Note (Schultz): I strongly agree with the former NIST officials. NIST has been incredible in producing valuable security-related standards and guidelines. Why tamper with what is working so well? (Paller): It is not clear whether the NIST reorganization is a good idea, but it is absolutely clear that the current system is deeply flawed - spewing out thousands of pages of documents written by consultants who then hire on at other federal agencies to write additional reports that purport to decipher and apply the nearly useless guidance. Senior federal officials have just begun holding up NIST Special Publications and saying "This is what we DON'T need." Recall the fable of the emperor's new clothes, when a child with nothing to gain or lose from telling the truth cried out "look, the emperor is naked." ]

A number of cross site scripting (XSS) flaws on the website of Ameriprise Financial could have been exploited to steal sensitive information from customers. The flaws allowed attackers to intersperse malicious content with legitimate Ameriprise site content and to steal users' cookies. When alerted to the flaws, an Ameriprise executive said "It's an important point to note that none of our client data can be exposed by this." Ameriprise fixed the flaws less than two hours after being notified by The Register.
-http://www.theregister.co.uk/2009/08/20/ameriprise_website_vulnerabilities/

[Editor's Note (Schultz): The fact that so many hospitals have not bothered to patch their Windows systems for a vulnerability that surfaced way back last October shows that they are not exercising due care in information security. If they do not exercise due care in security, chances are they are also deficient in other important areas. Potential patients of these hospitals should thus think twice before staying in them--surely better alternatives exist. ]

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rohit Dhamankar is the Director of Security Research at TippingPoint, where he leads the Digital Vaccine and ThreatLinQ groups. His group develops protection filters to address vulnerabilities, viruses, worms, Trojans, P2P, spyware, and other applications for use in TippingPoint's Intrusion Prevention Systems.

Prof. Howard A. Schmidt is the President of the Information Security Forum (ISF) and author who has served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a senior Lockheed Martin Fellow.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Mark Weatherford, CISSP, CISM, is Chief Information Security Officer of the State of California.

Alan Paller is director of research at the SANS Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/